Note that instead of using the artifact_get command directly, it is recommended to use Artifacts available through the web UI and REST interface.
Retrieve an artifact from a sensor.
usage: artifact_get [-h] [--file FILE] [--source SOURCE] [--type TYPE]
                    [--payload-id PAYLOADID] [--days-retention RETENTION]
                    [--is-ignore-cert]

optional arguments:
  --file FILE                 file path to get
  --source SOURCE             optional os specific artifact source (not currently supported)
  --type TYPE                 optional artifact type
  --payload-id PAYLOADID      optional specifies an idempotent payload ID to use
  --days-retention RETENTION  number of days the data should be retained, default 30
  --is-ignore-cert            if specified, the sensor will ignore SSL cert mismatch while upload the artifact
Note on usage scenarios for the --is-ignore-cert flag: If the sensor is deployed on a host where built-in root CAs are not up to date or present at all, it may be necessary to use the --is-ignore-cert flag to allow the logs to be pushed to the cloud.
Unlike the main sensor transport (which uses a pinned certificate), the Artifact Collection feature uses Google infrastructure and their public SSL certificates.
This may sometimes come up in unexpected ways. For example, fresh Windows Server installations do not have the root CAs for google.com enabled by default.
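A pre-check for the scenario above, as an added example that is not part of the product or its documentation: it performs one fully verified TLS handshake using the host's own trust store and separates a missing root CA from any other certificate rejection. The names `tls_handshake` and `diagnose` are hypothetical, `google.com` is used only because the page names it, and what Python's `ssl` module sees in the OS store is assumed to approximate, not match, the sensor's TLS stack.

```python
import socket
import ssl

# OpenSSL X509 verify codes meaning "no trusted issuer found locally":
# 2  = unable to get issuer certificate
# 20 = unable to get local issuer certificate
# Both are the symptom of a missing or stale root CA store.
MISSING_ROOT_CODES = {2, 20}


def tls_handshake(host, port=443, timeout=5.0):
    """Do one verified TLS handshake against the OS trust store."""
    context = ssl.create_default_context()  # verification and hostname check on
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


def diagnose(host, handshake=tls_handshake):
    """Return (verdict, detail) for the host's certificate chain.

    `handshake` is injectable so the classification can be exercised
    without network access.
    """
    try:
        version = handshake(host)
    except ssl.SSLCertVerificationError as exc:
        code = getattr(exc, "verify_code", None)
        detail = getattr(exc, "verify_message", str(exc))
        if code in MISSING_ROOT_CODES:
            # Trust store problem on this host: install or update root CAs.
            return "missing-root-ca", detail
        # Self-signed, expired, hostname mismatch, etc.: not a stale-store
        # symptom, so investigate the network path before ignoring certs.
        return "cert-rejected", detail
    except ssl.SSLError as exc:
        return "tls-error", str(exc)
    except OSError as exc:
        return "unreachable", str(exc)
    return "trusted", version


if __name__ == "__main__":
    # Assumption: google.com stands in for the Google-hosted upload endpoint.
    print(diagnose("google.com"))
```

A `missing-root-ca` verdict matches the fresh Windows Server case described above; `cert-rejected` does not, and points at something other than an out-of-date root store.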